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5) 0 Claim(s) is/are allowed. 
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DETAILED ACTION 

Claim Rejections - 35 USC §102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international appUcation filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

Claims 9 and 32-36 rejected under 35 U.S.C. 102(e) as being anticipated by Smith et al 
(U.S. 6,529,956), hereinafter referred to as "Smith". 

As per claim 9, Smith teaches a method comprising the steps of receiving a signal 
requesting a web page document from a web access device, the signal including an IP address of 
the WAD (column 16, lines 15-25); retrieving data for the web page document including a URL 
of a document referenced in the web page document (2; 25-40); retrieving resource access right 
data for the URL using the IP address of the WAD and/or user name and password established 
through a login procedure (1 1; 62-65, 13; 60-65, 15; 57-62, 16; 15-25); generating hash and/or 
encrypted data to generate secure resource access right data (5; 40-60); combining the secure 
resource access right data with the respective URL to generate a secure URL (2; 25-40, 1 1; 39- 
54, 17; 20-27); generating the web page document including the secure URL that can be used to 
generate a request for the document (2; 25-40, 16; 35-59); and transmitting the web page 
document including the secure URL to the WAD (11; 39-54, 2; 25-40). 
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As per claim 32, Smith teaches a method comprising the steps of: receiving a signal 
requesting access to a resource, the request signal including a URL, secured resource access right 
data, and an IP address of a device requesting access to the resource, and hash data, wherein the 
request signal was generated from a web page containing a secure URL combining the hash data, 
URL, and secured resource access right data (13; 33-46, 15; 30-40); verifying whether key data 
is valid based on data corresponding to the key data in a secure content key database (13; 60-65); 
if the key data is verified as valid in step (b), generating hash data based on at least the EP 
address, URL, and the key data (15; 57-62, 16; 15-25); and verifying that the hash data generated 
matches the hash data included in the request signal received (15; 30-40). 

As per claim 33, Smith teaches the method as claimed in claim 32, further comprising the 
steps of terminating the request signal if the verifying of the step (d) indicates that the hash data 
generated in the step (c) does not match the hash data included in the request signal received in 
the step (a) (13; 60-65). 

As per claim 34, Smith teaches the method as claimed in claim 33, further comprising the 
steps of determining whether access to a resource is to be provided to a device identified by the 
IP address, based on the resource access right data included in the request signal (15; 57-62, 16; 
15-25); and providing access to the resource to a device identified by the IP address if the 
determining of the step (f) indicates that access to the resource is to be provided (15; 57-62, 16; 
15-25). 

As per claim 35, Smith teaches the method as claimed in claim 34, further comprising the 
steps of retrieving resource access right data from a database, the determining of step (f) based 
further on whether the EP address of the request signal is authorized to access the resource 
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indicated by the URL of the request signal, based on the retrieved resource access right data (13; 
60-65). 

As per claim 36, Smith teaches the method as claimed in claim 32, wherein the request 
signal received in step (a) includes key index data, the method further comprising the step of: 
retrieving the key data from the secure content key database using key index data (13; 32-46). 

Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 37 and 38 are rejected under 35 U.S.C. 103(a) as being unpatentable over Smith. 

As per claims 37 and 38, Smith teaches the method as claimed in claim 32, but does not 
specifically teach time-to-live considerations in dealing with the validity of key data. Official 
notice is taken that the consideration of time-based data in creating and using keys is v^ell known 
in the art of key generation and manipulation (Please see paragraph 373 of U.S. 2004/0170176, 
as an example). It would have been obvious to one of ordinary skill in the art at the time of the 
invention to include time-to-live considerations in the system of Smith, to allow for situations 
where sessions may be timed out, so that security is maintained. 
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Response to Arguments 

Applicant's arguments filed March 8, 2006 have fully been considered but are not 
persuasive. 

a. Applicant asserts that many of the features cited pertain to the sender of the 
documents, rather than the receiving client. Examiner respectfully disagrees with this assertion, 
and respectfully submits that even if this assertion was true, in the cases of encryption, security, 
and the generation of a PURL, the origination of the features is irrelevant in regards to the claim 
language, since the client is the entity subject to these features. For example, it is the chent's 
particular traits that will enable him/her to access the documents. 

b. As claimed, when the PURL is received is irrelevant, since the claim language does 
not limit the secure URL being created in a causal fashion. Even if this were the case, in column 
17, lines 20-27, Smith discloses a situation in which a user attempts to access a document 
through a certain PURL and is subject to new security and constraints, and as such, a new PURL 
is generated, which assumes similar characteristics of the old PURL (security features, IP 
logging, etc.), which constitutes the URL being created causally. The generation of a new 
PURL, taking into account the user's identity, content, keys, etc. takes place. 

c. The new PURL is generated in a web page document, as discussed in column 17, lines 

20-27. 

d. Regarding claim 9, Examiner respectfully disagrees with the assertion that the IP 
address is used after the PURL is generated. As the cited portions of Smith, along with column 
17, Unes 20-27 states, the system may use the IP address to create a new PURL, which is 
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generated as the user desires to access the server. Even if this were not the case, Smith would 
still read over the claim language, given that the time of the formation of a secure URL is not 
specifically disclosed. The only disclosure is that there is a method in which a an entity receives 
a signal requesting a web page document from a WAD, which includes an IP address, which is 
clearly discussed in Smith. Next, the retrieval of document data including a URL is disclosed in 
multitude of forms - through email or through the new PURL generation. Retrieving the further 
security features using the IP address of the receiver or through a login procedure is also 
abundantly discussed. Hash generation is disclosed, which generates access right data, which is 
then combined with the base-URL (in this case posta.tumbleweedxom) to form a secure URL. 
The document is then generated, which includes the URL (browsers also return the URL of the 
web page visited), which can be used to access the document, and the document is then 
transmitted. All of these features discussed in Smith completely encompass the features as 
claimed. 

e. With respect to claim 32, similar rationale applies to the reception of a signal 
requesting access to a resource, where the new PURL encompasses all of the security aspects 
claimed. The validity of the key data does not pertain to the sender, but rather the recipient's 
ability to access the document is predicated on whether the keys are valid. Further, hash data is 
generated in the PURL. The verification takes place, given that an invalid PURL would result in 
disallowing access to the document. 

f Examiner respectfiiUy disagrees with the Applicant's assertion that having time- 
sensitive keys would not have been obvious to one of ordinary skill in the art. Given that Smith 
discloses the time in which a document is accessed, it would have been obvious to one of 
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ordinary skill to set a time limit on how long a secure URL, for example, is valid. Given that 
Smith teaches security features consistent with web-page security, for example, implementing a 
URL time limit would have been a logical extension. In the generation of a new PURL, for 
example, the disallowance of the user's accessing the web page if he/she hesitates is abundantly 
well known in the art as well, and in an invention that pertains to accessing web-pages using 
URLs, motivation exists to add time-sensitivity, and an expectation of success certainly exists, 
given that this aspect is so common in the art. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Tanim Hossain whose telephone number is 571/272-388 L The 
examiner can normally be reached on 8:30 am - 5 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Jason Cardone can be reached on 571/272-3933, The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
AppHcation Information Retrieval (PAIR) system. Status information for published appHcations 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Tanim Hossain 
Patent Examiner 
Art Unit 2145 
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